CyberMind-FR
418e99e481
Complete WebRadio management interface for OpenWrt: - Dashboard with server status, listeners, now playing - Icecast/Ezstream server configuration - Playlist management with shuffle/upload - Programming grid scheduler with jingle support - Live audio input via DarkIce (ALSA) - Security: SSL/TLS, rate limiting, CrowdSec integration Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
28 lines
773 B
YAML
28 lines
773 B
YAML
# CrowdSec scenario for Icecast bandwidth abuse detection
|
|
# Detects IPs making excessive parallel connections (stream ripping)
|
|
# Install: cp to /etc/crowdsec/scenarios/
|
|
|
|
type: leaky
|
|
name: cybermind/icecast-bandwidth-abuse
|
|
description: "Detect bandwidth abuse on Icecast (multiple parallel streams)"
|
|
filter: "evt.Meta.service == 'icecast' && evt.Meta.log_type == 'access'"
|
|
|
|
# Trigger on 10 simultaneous stream requests in 10 seconds
|
|
# Normal listeners connect once and maintain connection
|
|
leakspeed: "1s"
|
|
capacity: 10
|
|
groupby: evt.Meta.source_ip
|
|
|
|
blackhole: 10m
|
|
reprocess: true
|
|
|
|
labels:
|
|
service: icecast
|
|
type: bandwidth_abuse
|
|
confidence: 2
|
|
spoofable: 0
|
|
classification:
|
|
- attack.T1499.002
|
|
label: "Icecast bandwidth abuse (stream ripping)"
|
|
remediation: true
|